From cf270f3726a8037ebef80888eb510172688e13a7 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 30 Apr 2021 09:35:40 +0300
Subject: CRUD bugs

---
 bug/delete.php  | 28 ++++++++++++++++++++++++++++
 bug/edit.php    | 45 +++++++++++++++++++++++++++------------------
 bug/update.php  | 31 +++++++++++++------------------
 bug/view.php    | 34 +++++++++++++++++++---------------
 etc/setup.sql   |  3 +--
 index.php       | 30 ++++++++++++++++--------------
 report/view.php |  2 +-
 7 files changed, 105 insertions(+), 68 deletions(-)

diff --git a/bug/delete.php b/bug/delete.php
index e69de29..9054151 100644
--- a/bug/delete.php
+++ b/bug/delete.php
@@ -0,0 +1,28 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if(!session_set()) {
+    echo "You need to be logged in";
+    goto redirect;
+}
+
+if($_GET['id'] == "") {
+    echo "No bug to delete";
+    goto redirect;
+}
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("DELETE FROM bugs WHERE id=:bug_id");
+$query->bindParam(':bug_id', $_GET['id']);
+if($query->execute()) {
+    echo "<h2>bug deleted</h2>";
+} else {
+    echo "<h2>bug failed to delete</h2>";
+}
+
+redirect: header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/bug/edit.php b/bug/edit.php
index 7eba339..ad1ea36 100644
--- a/bug/edit.php
+++ b/bug/edit.php
@@ -1,33 +1,42 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
 require_once(LIBRARY_PATH . "/functions.php");
 
-if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else if(!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
+if(!session_set()) {
     echo "<div id='error'>Not logged in, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
+    header("Refresh: 2; URL={$config['urls']['base']}");
+    goto footer;
+}
+
+$id = isset($_GET['id']) ? $_GET['id'] : "";
+$title = "";
+$submitter = $_SESSION['user_name'];
+$description = "";
 
-} else {
+if($id != "") {
     $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("SELECT title, description, users.username AS submitter FROM bugs 
+        JOIN users ON bugs.author=users.id WHERE bugs.id=:bug_id");
+    $query->bindParam(':bug_id', $id);
+    $query->execute();
 
-    $query = "SELECT title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id WHERE bugs.id=$_GET[id]";
-    $result = $conn->query($query)->fetch();
+    $result = $query->fetch();
+    $title = $result['title'];
+    $submitter = $result['submitter'];
+    $description = $result['description'];
+}
 ?>
 
-<form action="update.php?id=<?php echo $_GET['id']; ?>" method="post">
-<p>Title: <input name="title" type="text" value="<?php echo $result['title']; ?>"></p>
-<p>Submitted by: <?php echo $result['submitter']; ?></p>
-<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $result['description']; ?></textarea></p>
-<input type="submit" value="update" >
+<form action="update.php?id=<?php echo $id; ?>" method="post">
+<input name="id" type="hidden" value="<?php echo $id; ?>">
+<p>Title: <input name="title" type="text" value="<?php echo $title; ?>"></p>
+<p>Submitted by: <?php echo $submitter; ?></p>
+<p>Description: <br><textarea name="description" rows=25 cols=80><?php echo $description; ?></textarea></p>
+<input type="submit" value="submit" >
 </form>
 
 <?php
-}
-
-require_once(TEMPLATES_PATH . "/footer.php");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
diff --git a/bug/update.php b/bug/update.php
index f27cdd4..0ee6e26 100644
--- a/bug/update.php
+++ b/bug/update.php
@@ -1,35 +1,30 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
 require_once(LIBRARY_PATH . "/functions.php");
 
-if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else if(!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
-    echo "<div id='error'>Not logged in, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
-
-} else {
+if(session_set()) {
     $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-
-    $query = $conn->prepare("UPDATE bugs SET title=:title, description=:description WHERE id=:id");
+    $query = $_POST['id'] == "" ?
+        $conn->prepare("INSERT INTO bugs (author, title, description) VALUES (:user_id, :title, :description)")
+      : $conn->prepare("UPDATE bugs SET title=:title, description=:description WHERE id=:bug_id");
+    if($_POST['id'] == "") {
+        $query->bindParam(':user_id', $_SESSION['user_id']);
+    } else {
+        $query->bindParam(':bug_id', $_POST['id']);
+    }
     $query->bindParam(':title', $_POST['title']);
     $query->bindParam(':description', $_POST['description']);
-    $query->bindParam(':id', $_GET['id']);
     
     if ($query->execute()) {
         echo "Data is updated\n";
     } else {
-        echo "User must have sent wrong inputs\n";
+        echo "Query failed\n";
     }
-
-    header("Refresh: 2; URL=view.php?id=$_GET[id]");
-
 }
 
-require_once(TEMPLATES_PATH . "/footer.php");
+header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
 
diff --git a/bug/view.php b/bug/view.php
index 2468abb..d1e4335 100644
--- a/bug/view.php
+++ b/bug/view.php
@@ -1,28 +1,32 @@
 <?php
-require 'config.php';
+require '../config.php';
 require_once(TEMPLATES_PATH . "/header.php");
 require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
 require_once(LIBRARY_PATH . "/parsedown.php");
 
 if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No bug selected, redirecting to index...</div>";
-    header('Refresh: 2; URL=index.php');
+    echo "<div id='error'>No bug selected...</div>";
+    header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+    goto footer;
+}
 
-} else {
-    if(isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
-        echo "<p><a href=edit.php?id=$_GET[id]>Edit</a></p>";
-    }
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("SELECT title, description, users.username AS submitter FROM bugs 
+    JOIN users ON bugs.author = users.id WHERE bugs.id=:bug_id");
+$query->bindParam(':bug_id', $_GET['id']);
+$query->execute();
+$result = $query->fetch();
 
-    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-    $markdown = new Parsedown();
+$markdown = new Parsedown();
 
-    $query = "SELECT title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id WHERE bugs.id=$_GET[id]";
-    $result = $conn->query($query)->fetch();
+echo "<p><b>$result[title]</b></p>";
+echo "<p>Submitted by $result[submitter]</p>";
+echo '<p>' . $markdown->text($result['description']) . '</p>';
 
-    echo "<p><b>$result[title]</b></p>";
-    echo "<p>Submitted by $result[submitter]</p>";
-    echo '<p>' . $markdown->text($result['description']) . '</p>';
+if(session_set()) {
+    echo "<p><a href=edit.php?id=$_GET[id]>Edit</a> | <a href=delete.php?id=$_GET[id]>Delete</a></p>";
 }
 
-require_once(TEMPLATES_PATH . "/footer.php");
+footer: require_once(TEMPLATES_PATH . "/footer.php");
 ?>
diff --git a/etc/setup.sql b/etc/setup.sql
index 35ddea4..5ca866f 100644
--- a/etc/setup.sql
+++ b/etc/setup.sql
@@ -13,8 +13,7 @@ CREATE TABLE bugs (
 id SERIAL PRIMARY KEY,
 title varchar(50) NOT NULL,
 description text NOT NULL,
-author integer NOT NULL REFERENCES users(id),
-assignee integer REFERENCES users(id)
+author integer NOT NULL REFERENCES users(id)
 );
 
 -- reports table
diff --git a/index.php b/index.php
index 02ad53a..43eb00d 100644
--- a/index.php
+++ b/index.php
@@ -10,28 +10,30 @@ $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['
 <h2>Bugs</h2>
 
 <?php
-# bugs query
-$bugs_q= 'SELECT bugs.id AS id, title, description, users.username AS submitter FROM bugs JOIN users ON bugs.author = users.id';
-if(isset($_GET['term']) && $_GET['term'] != "") {
-    echo "where the title contains: $_GET[term]";
-    $bugs_q = $bugs_q . " WHERE title LIKE '%$_GET[term]%'";
+if(session_set()) {
+    echo "<p><a href='{$config['urls']['base']}/bug/edit.php'>Create</a></p>\n";
 }
+# bugs query
+$bugs = $conn->prepare("SELECT bugs.id AS id, title, description, users.username AS submitter 
+    FROM bugs JOIN users ON bugs.author = users.id
+    WHERE title LIKE :term");
+$bugs->bindValue(':term', isset($_GET['term']) ? '%' . $_GET['term'] : "%");
+$bugs->execute();
 
-$bugs_r = $conn->query($bugs_q);
-if($bugs_r->rowCount() > 0) {
+if($bugs->rowCount() > 0) {
 ?>
 <table style='width:80%'>
 <tr><th>Title</th><th>Description</th><th>Owner</th></tr>
 <?php
-foreach ($bugs_r as $row) {
-    echo "<tr><td><a href=view.php?id=$row[id]>$row[title]</a></td> <td>" . truncate($row['description']) . "</td> <td>$row[submitter]</td></tr>\n";
+foreach ($bugs as $row) {
+    echo "<tr><td><a href=bug/view.php?id=$row[id]>$row[title]</a></td> <td>" . truncate($row['description']) . "</td> <td>$row[submitter]</td></tr>\n";
 }
 ?>
 </table>
 
 <?php
 } else {
-    echo "<p>Zero boogs found.</p>\n";
+    echo "<p>No bugs found.</p>\n";
 }
 ?>
 
@@ -43,16 +45,16 @@ if(session_set()) {
 }
 
 # reports query
-$reports_q = 'SELECT reports.id AS id, title, description, users.username AS user FROM reports JOIN users ON reports.author=users.id WHERE bug IS NULL ORDER BY id';
+$reports = $conn->query("SELECT reports.id AS id, title, description, users.username AS user 
+    FROM reports JOIN users ON reports.author=users.id WHERE bug IS NULL ORDER BY id");
 
-$reports_r = $conn->query($reports_q);
-if($reports_r->rowCount() > 0) {
+if($reports->rowCount() > 0) {
 ?>
 
 <table style='width:80%'>
 <tr><th>Title</th><th>Description</th><th>Submitted by</th></tr>
 <?php
-foreach ($reports_r as $row) {
+foreach ($reports as $row) {
     echo "<tr><td><a href=report/view.php?id=$row[id]>$row[title]</a></td> <td>" . truncate($row['description']) . "</td> <td>$row[user]</td></tr>\n";
 }
 ?>
diff --git a/report/view.php b/report/view.php
index 479f90e..a108d24 100644
--- a/report/view.php
+++ b/report/view.php
@@ -6,7 +6,7 @@ require_once(LIBRARY_PATH . "/functions.php");
 require_once(LIBRARY_PATH . "/parsedown.php");
 
 if(!isset($_GET['id']) || $_GET['id'] == "") {
-    echo "<div id='error'>No report selected, redirecting to index...</div>";
+    echo "<div id='error'>No report selected...</div>";
     header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
     goto footer;
 }
-- 
cgit v1.2.1